REMARKS

This Application has been carefully reviewed in light of the Office Action. At the 
time of the Office Action, Claims 1, 3, 5-8, and 24-38 were pending and rejected. Applicants 
have added Claim 39. Applicants respectfully request reconsideration and favorable action in 
this case. 

Section 103 Rejections 

The Examiner rejects Claims 1, 3, 5-8 and 24-37 under 35 U.S.C. § 103(a) as 
allegedly being unpatentable over "Security Assertions Markup Language (SAML)", 
Netegrity, May 20, 2001, Pages 1-7 ("the SAML Reference") in view of U.S. Patent No. 
6,892,307 to Wood et al. ("Wood") and in view of Mishra et al. ("Security Services Markup 
Language", January 8, 2001) ("Mishra"). The Examiner rejects Claim 38 under 35 U.S.C. §
103(a) as allegedly being unpatentable over the SAML Reference in view of Wood and in 
view of Mishra and further in view of U.S. Patent No. 6,959,336 to Moreh et al. ("Moreh"). 
Applicants respectfully traverse those rejections. 

I. Neither the SAML Reference nor Mishra, either alone or in combination,
disclose, teach, or suggest the limitations "if the private key matches the public 
key in the assertion, granting at the agent the second request" as recited in Claim 
1. 

Claim 1 is allowable at least because the cited references do not disclose, teach, or
suggest the following combination of limitations: 

intercepting at the agent a second request to grant the web service 
customer access to the second web service, the second request comprising the 
assertion and a signature associated with a private key; and 

if the private key matches the public key in the assertion, granting 
at the agent the second request without reauthenticating or reauthorizing the 
web service customer. 

To reject those limitations, the Examiner relies on the SAML Reference. Office 
Action, page 4, lines 5-7. However, the SAML Reference is completely devoid of any 
teaching of granting a request "if the private key matches the public key in the assertion" as 
recited in Claim 1. Rather, the passage of the SAML Reference relied upon by the Examiner
discloses that various "destination websites" may collect authentication information from a 
"credential collector" based on a token provided by the user in order to authenticate that user.
According to the passage: 

An end-user authenticates with a source Web site. The end-user then 
accesses a protected resource at another Web site, without having to re- 
authenticate herself at that Web site (the destination Web site). 

In this model, the destination Web site can "pull" authentication 
information from the source Web site based on references or tokens 
provided by the end-user. The source Web site then acts as a credentials 
collector, authentication authority, and attribute authority. The destination
Web site acts as a Policy Decision Point (PDP) and Policy Enforcement Point 
(PEP) 

In this same scenario, a third-party security service can provide 
authentication assertions for the end user. Multiple destination Web sites 
can then use the same authentication assertions to authenticate the end- 
user. In this case, the security service acts as a credentials collector,
authentication authority, and attribute authority. The destination Web sites act
as PDP and PEP.

the SAML Reference, page 5, line 20 through page 6, line 7 (emphasis added). That is, rather 
than disclosing that a request is granted "if the private key matches the public key in the 
assertion" as recited in Claim 1, this passage of the SAML Reference merely discloses that, in
order to authenticate a user, various "destination websites" may collect authentication 
information from a "credential collector" based on a token provided by the user. 
Respectfully, gathering authentication information from a "credential collector" in order to 
authenticate a user does not disclose, teach, or suggest granting a request "if the private key 
matches the public key in the assertion" as recited in Claim 1.

The Examiner also argues that, even though the SAML Reference fails to disclose 
"encrypting the session ticket ID and a public key into an assertion and matching a public key 
with a private key . . . Mishra . . . discloses encrypting the session ticket ID and a public key 
into an assertion and matching a public key with a private key." Office Action page 4, line 19 
through page 5, line 1. Applicants respectfully point out that the Examiner's paraphrasing of 
Applicants' claims fails to address the limitations of Claim 1. Claim 1 recites "if the private
key matches the public key in the assertion, granting at the agent the second request 
without reauthenticating or reauthorizing the web service customer." As explained above, the 
SAML Reference fails to disclose, teach, or suggest those limitations. To the extent that the 
Examiner argues that Mishra could be combined with the SAML Reference to disclose those 
limitations, Applicants respectfully disagree. Modifying the alleged web service 
authentication method of the SAML Reference with the alleged public key / private key
encryption features of Mishra would change the SAML Reference's principle of operation. 

Without conceding that the Examiner's proposed modification is technically feasible 
or that the Examiner's descriptions of the references are technically accurate, even if it were 
possible to modify the references as the Examiner suggests such that the alleged web service 
authentication scheme of the SAML Reference were operable to authenticate a user if a public 
key matched a private key, that modification would completely change the SAML Reference's 
principle of operation. In particular, the Examiner's proposed modification would change the 
system of the SAML Reference from a system where various "destination websites" 
authenticate a user by collecting authentication information from a "credential collector" to a 
system that relies on matching public keys with private keys in order to authenticate a user. 

The MPEP explicitly states that there is no motivation to combine references under 
this set of facts. "If the proposed modification or combination of the prior art would change 
the principle of operation of the prior art invention being modified, then the teachings of the 
references are not sufficient to render the claims prima facie obvious." MPEP §2143.01 
(emphasis added). Additionally, the examination guidelines issued by the United States 
Patent and Trademark Office ("PTO") in response to the U.S. Supreme Court's recent 
decision in KSR Int'l Co. v. Teleflex, Inc. state, in part, that "[t]he rationale to support a
conclusion that the claim would have been obvious is that all the claimed elements were
known in the prior art and one skilled in the art could have combined the elements as claimed
by known methods with no change in their respective functions..." Examination
Guidelines for Determining Obviousness Under 35 U.S.C. 103 in View of the Supreme Court 
Decision in KSR International Co. v. Teleflex Inc., 72 Fed. Reg. 57526, 57529 (Oct. 10, 
2007) (emphasis added). According to this legal principle, Applicants respectfully contend 
that the Examiner's proposed combination of the SAML Reference with Mishra is improper 
and that Claim 1 and each of its dependent claims (e.g., Claims 3, 5, 6, 24, 25, and 33-38) are
in condition for allowance. For analogous reasons, Applicants further contend that Claims 7, 
26, and 32 and each of their respective dependent claims (e.g., Claims 8 and 27-31) are in 
condition for allowance. 

II. The SAML Reference does not disclose, teach, or suggest that "the second
request originates at the first web service" as recited in Claim 25. 

Claim 25 is directed to the method of Claim 1 "wherein the first request originates at 
the web service customer and the second request originates at the first web service." To 
reject those limitations, the Examiner generally points to pages 5 and 6 of the SAML 
Reference. However, Applicants have reviewed the entirety of the SAML Reference, and
cannot find any teaching of the above-quoted limitations of Claim 25. Rather, the
SAML Reference merely discloses that "[a]n end user authenticates with a source Web site.
The end-user then accesses a protected resource at another Web site, without having to re-
authenticate herself at that Web site (the destination Web site)." SAML Reference, page 5,
lines 20-21. Respectfully, nothing in this passage of the SAML Reference, or in the remainder
of the passages cited by the Examiner, discloses, teaches, or suggests the limitations, 
"wherein the first request originates at the web service customer and the second request 
originates at the first web service" as recited in Claim 25. To the extent that the Examiner 
intends to maintain this rejection, Applicants respectfully request the Examiner to explain 
how the cited portions of the SAML Reference allegedly disclose the above-quoted limitations 
of Claim 25 so that Applicants may respond accordingly. For at least these reasons, 
Applicants respectfully contend that Claim 25 is in condition for allowance. For analogous 
reasons Applicants further contend that Claims 31 and 35 are in condition for allowance. 

III. All Claims are in condition for allowance.

For at least the reasons stated above, Applicants respectfully contend that each and 
every claim is in condition for allowance. Moreover, Applicants respectfully contend that 
none of the deficiencies described above with respect to the SAML Reference are accounted 
for by any of the remaining references cited by the Examiner or by the knowledge of one of 
ordinary skill in the art. 

New Claims 

Applicants have added Claim 39 which is fully supported by the Specification as 
originally filed and adds no new matter. Applicants respectfully contend that none of the 
cited references disclose, or even teach or suggest, either alone or in combination, the 
combination of elements recited in that claim. As one example, Claim 39 depends from an
allowable independent claim, as discussed above. As another example, no reference shows
that "the second request originates at the first web service independent of the web service 
customer requesting access to the second web service," as recited in Claim 39. 

No Waiver 

Applicants have merely discussed example distinctions from the references cited by 
the Examiner. Other distinctions may exist, and Applicants reserve the right to discuss these 
additional distinctions in a later Response or on Appeal, if appropriate. By not responding to 
additional statements made by the Examiner, Applicants do not acquiesce to the Examiner's 
additional statements. The example distinctions discussed by Applicants are sufficient to 
overcome the Examiner's rejections. 

CONCLUSION



Applicants have made an earnest attempt to place this case in condition for allowance. 
For the foregoing reasons, and for other apparent reasons, Applicants respectfully request full 
allowance of all pending Claims. If the Examiner feels that a telephone conference would 
advance prosecution of this Application in any manner, the undersigned attorney for 
Applicants stands ready to conduct such a conference at the convenience of the Examiner.

The Examiner is authorized to charge the amount of $52.00 for the addition of one 
dependent claim to Deposit Account No. 02-0384 of BAKER BOTTS L.L.P. Please charge 
any additional fees or credit any overpayment to Deposit Account No. 02-0384 of BAKER
BOTTS L.L.P.